Q
Problem solve Get help with specific problems with your technologies, process and projects.

# The difficulty of stealing information compressed with a private algorithm

If the information traversing an OC3 line is compressed with an algorithm that is not public, how difficult would...

it be to steal the information? What would a thief have to do to get this information?

They need to get the compression algorithm. That's the simplest way to do it. Probably they could crack the algorithm, but it's probably simpler to just steal a copy of it.

Are you considering doing this, or are you just asking?

The reason I ask is that there's an important difference between coding and encryption. Coding is a different way of writing things. For example, this message is coded in ASCII. A coding is just a way of saying that this group of bits means that group of symbols. Anyone who knows the coding algorithm can translate the bits into symbols.

Encryption is an algorithm that is a function. That function takes a parameter, the key, and when applied to your set of bits, translates it into another set of bits that someone can't undo without the key.

It is certainly possible to make codings where the coding itself can be thought of as the key. That's what you're suggesting. If your attacker, however, gets one of your coding machines and takes it apart, then you've lost the secrecy of the entire system. With encryption, the security revolves around the keys. Your attacker can have a machine just like yours, and they still can't steal your data unless they steal your keys.

If you are building a real-world system, the best solution is to compress something, then encrypt the compressed data. That way, you can pick the most efficient compression algorithm for your data (for example, LZ compression works well on text, and JPEG works well on pictures), and then encrypt that. With today's silicon, symmetric encryption (which is what you'll do on bulk data going through an OC3) is basically for free. It is more likely that a fancy compression algorithm will be much more expensive than the encryption. It will also be much more secure.

Many people have tried to devise systems that combine some sort of compression with some sort of confidentiality features. I haven't seen one that works as well as the simple mechanism of compress and encrypt.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Encryption
Tech Tip: Tales from the crypto

This was last published in April 2002

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### CyberArk warns of 'shadow admins' in cloud environments

At RSA Conference 2018, CyberArk researchers described how threat actors are able to gain access to cloud environments and ...

• ### How enterprises should handle GDPR compliance in the cloud

GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland ...

• ### Compromised cloud credentials still plaguing enterprises

Why are enterprises still struggling with identity and access management in the cloud? Experts at RSA Conference discuss the ...

## SearchNetworking

• ### Top application delivery controllers offer range of options

The leading ADC vendors offer a broad range of physical and virtual appliances, with varying throughput levels and diverse ...

• ### New Accedian SkyLIGHT PVX has root-cause analytics

Accedian Networks has launched its first product from the Performance Vision acquisition. SkyLIGHT PVX includes network ...

• ### New CDN services give providers an edge in WAN marketplace

With enterprises moving workloads to public cloud, the CDN services market could see growth in security and performance services,...

## SearchCIO

• ### The CIO voice in the boardroom: Skills needed to get there

At a recent webinar, IT leaders discussed the factors driving the absence of a CIO voice in the boardroom and highlighted the ...

• ### Workplace 'mindfulness' as coping mechanism for AI disruption

Two tech titans investing in the AI tools that automate jobs are also sinking money into workplace mindfulness programs aimed at ...

• ### Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018

During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in ...

## SearchEnterpriseDesktop

• ### Spectre and Meltdown vulnerabilities show haste makes waste

When the Meltdown and Spectre vulnerabilities came to light, everyone scrambled to find a fix. As a result, the patching process ...

• ### Workflow automation software improves LA court productivity

Court's in session, and the jury is unanimous: Automation software can help IT departments provide simpler workflows for end ...

• ### How to create a custom Windows 10 image for deployment

IT pros can build a Windows 10 image with custom apps, Start menu tools and more that they can easily deliver throughout the ...

## SearchCloudComputing

• ### Users demand more from containers in cloud

Technology is always advancing, but it needs to march in the direction that users want. Containers are maturing, but plenty of IT...

• ### IaaS and PaaS blurred lines increase lock-in risks

There are three distinct cloud service categories: IaaS, PaaS and SaaS. However, IaaS and PaaS are getting a little too close, ...

• ### Single pane of glass for multi-cloud management still elusive

Unified management for multi-cloud remains a work in progress. Vendors have yet to produce the perfect single-pane-of-glass tool ...

## ComputerWeekly.com

• ### Full-fibre broadband specialist CityFibre acquired for £538m

Full-fibre broadband specialist CityFibre is to be bought by a Goldman Sachs-backed consortium as it seeks more cash to fulfil ...

• ### Unified communications supplier Mitel bought by VCs

Unified communications and networking technology supplier Mitel is to be acquired by affiliates of Searchlight Capital Partners ...

• ### NHS shared care records: progress, projects and privacy

Sharing health records across health and social care has been something the NHS has worked towards for a long time. As the NHS ...

Close